Message-ID: <20190925230938.GQ26530@ZenIV.linux.org.uk>
Date:   Thu, 26 Sep 2019 00:09:38 +0100
From:   Al Viro <viro@...iv.linux.org.uk>
To:     Navid Emamdoost <navid.emamdoost@...il.com>
Cc:     emamd001@....edu, kjlu@....edu, smccaman@....edu,
        Samuel Mendoza-Jonas <sam@...dozajonas.com>,
        "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net/ncsi: prevent memory leak in ncsi_rsp_handler_gc

On Wed, Sep 25, 2019 at 04:58:53PM -0500, Navid Emamdoost wrote:
> In ncsi_rsp_handler_gc if allocation for nc->vlan_filter.vids fails the
> allocated memory for nc->mac_filter.addrs should be released.
> 
> Signed-off-by: Navid Emamdoost <navid.emamdoost@...il.com>
> ---
>  net/ncsi/ncsi-rsp.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/net/ncsi/ncsi-rsp.c b/net/ncsi/ncsi-rsp.c
> index d5611f04926d..f3f7c3772994 100644
> --- a/net/ncsi/ncsi-rsp.c
> +++ b/net/ncsi/ncsi-rsp.c
> @@ -800,8 +800,10 @@ static int ncsi_rsp_handler_gc(struct ncsi_request *nr)
>  	nc->vlan_filter.vids = kcalloc(rsp->vlan_cnt,
>  				       sizeof(*nc->vlan_filter.vids),
>  				       GFP_ATOMIC);
> -	if (!nc->vlan_filter.vids)
> +	if (!nc->vlan_filter.vids) {
> +		kfree(nc->mac_filter.addrs);
>  		return -ENOMEM;
> +	}
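Review bot: after `kfree(nc->mac_filter.addrs)` the field still holds the freed pointer, so if any later teardown (the reply below names `ncsi_remove_channel(nc)`) also frees `nc->mac_filter.addrs`, this hunk turns a leak into a double free. Either clear the field right after freeing it (`nc->mac_filter.addrs = NULL;`, which makes a later `kfree` a no-op) or state in the commit message which path owns the buffer once the handler returns -ENOMEM and why no other path frees it; "should be released" does not establish that.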

Again, why is it not a double-free?  IOW, what guarantees that we won't
be calling <greps> ncsi_remove_channel(nc) at a later point?

I'm not familiar with that code, so you _might_ be correct in this case,
but you need a lot more analysis in the commit message than "should be",
considering the other similar patches from the same source, with the
same level of details in them that had been provably broken.

I don't know what kind of heuristics you are using when looking for
leaks, but they demonstrably give quite a few false positives.

It might be useful (and not just for you) to discuss those heuristics.
Could you go over the patch series you've posted and follow them up
with "here I've decided that we have a leak for such and such reason".
_Including_ the ones where you've ended up with false positives.

Look at it this way: you've posted a lot of statements without any
proofs of their correctness *or* any way to guess what those missing
proofs might've been.  At least some of them are false.  I can try
to prove them from scratch and post such proofs where the statement
happens to be true and counterexamples where it happens to be false.
However, it would've been much more useful to go through what you've
actually done to arrive at those statements, so that mistakes
would not be repeated in new problems.  And those mistakes are very
unlikely to be yours alone, so other people would benefit as well.
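The double-free question in the reply above, as an added, self-contained user-space model (not net/ncsi code and not part of this thread). The struct layout, the `handler_gc()` and `remove_channel()` names, the injectable allocation failure and the `scenario()` wrapper are all constructed here to mirror the shapes in the quoted hunk; whether the real `ncsi_remove_channel()` frees `mac_filter.addrs` is exactly what the reply asks and is not settled by this model. What the model does show is why that answer decides between "leak fixed" and "double free introduced", and why clearing the pointer after `kfree()` makes both outcomes safe.

```c
/* Constructed model of the ownership question: after an error path frees one
 * buffer, does a later teardown free it again? free(NULL) is a no-op, just as
 * kfree(NULL) is, so clearing the field after freeing removes the hazard. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct mac_filter  { unsigned int n; unsigned char  *addrs; };
struct vlan_filter { unsigned int n; unsigned short *vids;  };

struct channel {                 /* constructed stand-in for the real channel struct */
    struct mac_filter  mac_filter;
    struct vlan_filter vlan_filter;
};

/* kcalloc stand-in with an injectable failure so the error path can be exercised. */
static void *model_kcalloc(size_t n, size_t sz, int fail)
{
    return fail ? NULL : calloc(n, sz);
}

/* Mirrors the quoted hunk: allocate addrs, then vids; on vids failure release
 * addrs. With clear_on_error == 0 the pointer is left dangling (the hunk as
 * posted); with clear_on_error == 1 the field is cleared after freeing. */
static int handler_gc(struct channel *nc, unsigned int mac_cnt,
                      unsigned int vlan_cnt, int fail_vlan, int clear_on_error)
{
    nc->mac_filter.addrs = model_kcalloc(mac_cnt, 6, 0);
    if (!nc->mac_filter.addrs)
        return -ENOMEM;
    nc->mac_filter.n = mac_cnt;

    nc->vlan_filter.vids = model_kcalloc(vlan_cnt, sizeof(*nc->vlan_filter.vids), fail_vlan);
    if (!nc->vlan_filter.vids) {
        free(nc->mac_filter.addrs);
        if (clear_on_error)
            nc->mac_filter.addrs = NULL;   /* ownership now unambiguous */
        return -ENOMEM;
    }
    nc->vlan_filter.n = vlan_cnt;
    return 0;
}

/* Constructed teardown in the style of a remove_channel(): frees whatever the
 * channel still appears to own and returns how many buffers it released. */
static int remove_channel(struct channel *nc)
{
    int released = 0;
    if (nc->mac_filter.addrs)  { free(nc->mac_filter.addrs);  nc->mac_filter.addrs  = NULL; released++; }
    if (nc->vlan_filter.vids)  { free(nc->vlan_filter.vids);  nc->vlan_filter.vids  = NULL; released++; }
    return released;
}

/* Run one scenario and report what a later teardown would see:
 *   -1  the error path left a freed pointer reachable (double-free hazard),
 *   n   otherwise, the number of buffers teardown actually released. */
static int scenario(int fail_vlan, int clear_on_error)
{
    struct channel nc;
    memset(&nc, 0, sizeof(nc));
    int rc = handler_gc(&nc, 4, 8, fail_vlan, clear_on_error);
    if (rc == -ENOMEM && nc.mac_filter.addrs)
        return -1;   /* deliberately not calling teardown: it would free addrs again */
    return remove_channel(&nc);
}

int main(void)
{
    printf("success path, teardown releases:        %d\n", scenario(0, 0));
    printf("vids fails, hunk as posted:              %d (hazard)\n", scenario(1, 0));
    printf("vids fails, pointer cleared after free:  %d\n", scenario(1, 1));
    return 0;
}
```

The model makes the reviewer's point concrete: the patch is only a pure leak fix if no other path ever frees `mac_filter.addrs` after the handler fails, and that is a claim the commit message has to argue for. Clearing the field after `kfree()` sidesteps the question entirely, because every later `kfree()` of that field becomes a no-op.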
